Technical Information

API

The SmartSign API is implemented as a RESTful web service. To make integrating SmartSign into your application as simple and as quick as possible we provide language-specific wrapper APIs in a variety of languages. Combine this with comprehensive developer documentation and sample code that works out of the box and you have a solution that couldn't be easier.

Security & Encryption

SmartSign has been developed by a company with a long history in software and IT security. All SmartSign communications are secured by SSL/TLS using 2048-bit keys. This includes this website, the Management System, the API and the OOB authentication mechanism the SmartSign app uses.

Authentication Standards

SmartSign is built around the industry leading authentication algorithms developed by the Initiative for Open Authentication (OATH). These include OTP and the OATH-based Challenge-Response Algorithm (OCRA).

Comprehensive Browser Support

The SmartSign widget is delivered as pure HTML that you embed in your site. It's HTML 4 & 5 compatible and is supported in all major web browsers.

Active Directory Synchronisation

SmartSign can be integrated seamlessly with Active Directory. If an administrator wants a user to use SmartSign, they simply drop them into the SmartSign group and they will automatically be registered. This is accomplished without any modifications to your schema, so there are no permanent changes.

Out Of Band Authentication

SmartSign employs Out-Of-Band (OOB) Authentication which builds security outside of the webserver↔browser channel. Establishing this secure 2nd channel of communication directly with the SmartSign servers protects against security breaches of the user's browser or connection such as man-in-the-middle attacks.

No Flash or Java

SmartSign does not embed any Adobe Flash® content or Java® applets in the client-side widget.